On Sun, Mar 06, 2005 at 01:34:24PM +0100, Patrick McHardy wrote:
>
> How about this one ? It keeps the DST_XFRM_TUNNEL flag and sets it on
> the first xfrm_dst in a bundle. I know it doesn't really belong there,
Actually, why do we need to treat tunnel mode differently here?
In other words, why not just do the mark/tos checks unconditionally.
Forwarded packets don't get a proper tos/mark setting for IPsec
but that's a bug in itself.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt